An ex-Yahoo employee, who worked as a software engineer, pleaded guilty to hacking into over 6,000 personal email accounts of Yahoo users. This includes some emails that also belonged to his work colleagues, and it was done in order to search for sexual images and videos.
The guilty party, Reyes Daniel Ruiz, 34, who is from Tracy, California and worked for more than 10 years for Yahoo, has held several roles in the company, including as a reliability engineer.
According to the court documents, published yesterday, Ruiz specifically targetted the accounts of younger women. The documents give the following details:
"In pleading guilty, Ruiz, a former Yahoo software engineer, admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts."
Ruiz cracked user passwords and accessed internal Yahoo systems to compromise the Yahoo accounts. He admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues.
Essentially, Ruiz took advantage of his position at Yahoo to hack into accounts looking for nude photographs. Once he had cracked the passwords, Ruiz searched for and downloaded sexual images and videos, which he stored on a personal hard drive.
A former Yahoo employee pleaded guilty in a federal court in San Jose to hacking thousands of users' accounts and searching for private records https://t.co/HfRrZ2VYkz— CNN (@CNN) October 1, 2019
Other account users affected
As ZDNet points out, Ruiz also gained access to accounts of other platforms, including Apple iCloud, Facebook, Gmail, DropBox, and others. He was able to do this in any situation where a victim had used their Yahoo email address to register an account.
He requested password resets on the third-party sites, which he received in the email accounts he had hacked, allowing him access to the third-party accounts.
Once Yahoo noticed suspicious activity, Ruiz destroyed the personal hard drive where he was keeping the images, US investigators say. The former Yahoo employee was eventually discovered and reported to the police.
Ruiz was formally charged in April 2019. He pleaded guilty yesterday to one count of computer intrusion, which could see him face 5 years in prison and a fine of up to $250,000.
Ruiz is currently released on a $200,000 bond but is due for his sentencing hearing starting on February 3, 2020.